Systems, computer-readable media, and methods for improving both data privacy/anonymity and data value, wherein real-world, synthetic, or other data related to a data subject can be used while minimizing re-identification risk by unauthorized parties and enabling data, including quasi-identifiers, related to the data subject to be disclosed to any authorized party by granting access only to the data relevant to that authorized party's purpose, time period, place and/or other criterion via the required obfuscation of specific data values, e.g., pursuant to the GDPR or HIPAA, by incorporating a given range of those values into a cohort, wherein only the defined cohort values are disclosed to the given authorized party. Privacy policies may include any privacy enhancing techniques (PETs), including: data protection, dynamic de-identification, anonymity, pseudonymity, granularization, and/or obscurity policies. Such systems, media and methods may be implemented on both classical and quantum computing devices.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A system, comprising: a communication interface for sending data over a network; a memory having, stored therein, computer program code; one or more data stores; and one or more processing units operatively coupled to the memory and configured to execute instructions in the computer program code that cause the one or more processing units to: obtain a request from a first user for provision of a privacy policy; determine a first privacy policy based, at least in part, on the request; obtain data from the first user pertaining to a first plurality of data subjects; generate a first dynamically-changing, temporally unique identifier (DDID) for a first data subject in the first plurality of data subjects, wherein the first dynamically-changing, temporally unique identifier is configured to: replace a first value related to the first data subject; and comply with the determined first privacy policy; store the first dynamically changing, temporally unique identifier in the one or more data stores; receive, over the network, a first request for the first value related to the first data subject; send the first dynamically-changing, temporally unique identifier over the network in response to the first request when, according to the first privacy policy, the first request is not authorized to receive the first value; and send the first value over the network in response to the first request when, according to the first privacy policy, the first request is authorized to receive the first value.
2. The system of claim 1 , wherein the first dynamically-changing, temporally unique identifier comprises a Replacement DDID (R-DDID).
3. The system of claim 1 , wherein the first dynamically-changing, temporally unique identifier comprises an Association DDID (A-DDID).
4. The system of claim 2 , wherein the R-DDID comprises a specific value that is used to replace the first value.
5. The system of claim 3 , wherein the A-DDID comprises a specific value.
6. The system of claim 5 , wherein the specific value further comprises a class, cohort, or range of values that is used to replace the first value.
7. The system of claim 1 , wherein at least one of: the request from the first user for provision of a privacy policy; the data pertaining to the first plurality of data subjects; and the first request for the first value is received via a shim.
8. The system of claim 1 , wherein the first value comprises a quasi-identifier.
9. The system of claim 8 , wherein the quasi-identifier comprises unstructured data.
10. The system of claim 8 , wherein the quasi-identifier comprises a class, cohort, or range of values.
11. The system of claim 1 , wherein the privacy policy specifies the generation of synthetic data.
12. The system of claim 11 , wherein the privacy policy further specifies for the generation of DDIDs for synthetic data.
13. The system of claim 1 , wherein at least some of the data obtained from the first user comprises synthetic data.
14. The system of claim 1 , wherein the data obtained from the first user comprises solely synthetic data.
15. A computer-implemented method comprising: obtaining a request from a first user for provision of a privacy policy; determining a first privacy policy based, at least in part, on the request; obtaining data from the first user pertaining to a first plurality of data subjects; generating a first dynamically-changing, temporally unique identifier (DDID) for a first data subject in the first plurality of data subjects, wherein the first dynamically-changing, temporally unique identifier is configured to: replace a first value related to the first data subject; and comply with the determined first privacy policy; storing the first dynamically changing, temporally unique identifier in one or more data stores; receiving, over a network, a first request for the first value related to the first data subject; sending the first dynamically-changing, temporally unique identifier over the network in response to the first request when, according to the first privacy policy, the first request is not authorized to receive the first value; and sending the first value over the network in response to the first request when, according to the first privacy policy, the first request is authorized to receive the first value.
16. The computer-implemented method of claim 15 , wherein the first dynamically-changing, temporally unique identifier comprises a Replacement DDID (R-DDID).
17. The computer-implemented method of claim 15 , wherein the first dynamically-changing, temporally unique identifier comprises an Association DDID (A-DDID).
18. The computer-implemented method of claim 15 , wherein the R-DDID comprises a specific value that is used to replace the first value.
19. The computer-implemented method of claim 17 , wherein the A-DDID comprises a specific value.
20. The computer-implemented method of claim 19 , wherein the specific value further comprises a class, cohort, or range of values that is used to replace the first value.
21. The computer-implemented method of claim 15 , wherein at least one of: the request from the first user for provision of a privacy policy; the data pertaining to the first plurality of data subjects; and the first request for the first value is received via a shim.
22. The computer-implemented method of claim 15 , wherein the first value comprises a quasi-identifier.
23. The computer-implemented method of claim 22 , wherein the quasi-identifier comprises unstructured data.
24. The computer-implemented method of claim 22 , wherein the quasi-identifier comprises a class, cohort, or range of values.
25. The computer-implemented method of claim 15 , wherein the privacy policy specifies the generation of synthetic data.
26. The computer-implemented method of claim 25 , wherein the privacy policy further specifies for the generation of DDIDs for synthetic data.
27. The computer-implemented method of claim 15 , wherein at least some of the data obtained from the first user comprises synthetic data.
28. The computer-implemented method of claim 15 , wherein the data obtained from the first user comprises solely synthetic data.
29. A non-transitory program storage device, readable by a programmable control device, comprising instructions stored thereon that, when executed, cause the programmable control device to: obtain a request from a first user for provision of a privacy policy; determine a first privacy policy based, at least in part, on the request; obtain data from the first user pertaining to a first plurality of data subjects; generate a first dynamically-changing, temporally unique identifier (DDID) for a first data subject in the first plurality of data subjects, wherein the first dynamically-changing, temporally unique identifier is configured to: replace a first value related to the first data subject; and comply with the determined first privacy policy; store the first dynamically changing, temporally unique identifier in one or more data stores; receive, over a network, a first request for the first value related to the first data subject; send the first dynamically-changing, temporally unique identifier over the network in response to the first request when, according to the first privacy policy, the first request is not authorized to receive the first value; and send the first value over the network in response to the first request when, according to the first privacy policy, the first request is authorized to receive the first value.
30. The non-transitory program storage device of claim 29 , wherein the first dynamically-changing, temporally unique identifier comprises a Replacement DDID (R-DDID).
31. The non-transitory program storage device of claim 29 , wherein the first dynamically-changing, temporally unique identifier comprises an Association DDID (A-DDID).
32. The non-transitory program storage device of claim 30 , wherein the R-DDID comprises a specific value that is used to replace the first value.
33. The non-transitory program storage device of claim 31 , wherein the A-DDID comprises a specific value.
34. The non-transitory program storage device of claim 33 , wherein the specific value further comprises a class, cohort, or range of values that is used to replace the first value.
35. The non-transitory program storage device of claim 29 , wherein at least one of: the request from the first user for provision of a privacy policy; the data pertaining to the first plurality of data subjects; and the first request for the first value is received via a shim.
36. The non-transitory program storage device of claim 29 , wherein the first value comprises a quasi-identifier.
37. The non-transitory program storage device of claim 36 , wherein the quasi-identifier comprises unstructured data.
38. The non-transitory program storage device of claim 36 , wherein the quasi-identifier comprises a class, cohort, or range of values.
39. The non-transitory program storage device of claim 29 , wherein the privacy policy specifies the generation of synthetic data.
40. The non-transitory program storage device of claim 39 , wherein the privacy policy further specifies for the generation of DDIDs for synthetic data.
41. The non-transitory program storage device of claim 29 , wherein at least some of the data obtained from the first user comprises synthetic data.
42. The non-transitory program storage device of claim 29 , wherein the data obtained from the first user comprises solely synthetic data.
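The mechanism in claims 1 through 6 (a per-attribute DDID that replaces a value, either as an opaque R-DDID or as an A-DDID standing for a cohort or range, with the real value released only to a request the policy authorizes) as a runnable Python sketch. This is an added example, not code from the patent or its assignee, and it implements the claim language with ordinary pseudonymization techniques: the policy shape, the attribute names, the cohort functions (`age_band`, `zip3`), the TTL-based rotation and the sample record are all assumptions made for illustration.

```python
# Added example, not code from the patent or its assignee. It models the
# mechanism in claims 1-6: a per-attribute DDID replaces a value, either as an
# R-DDID (opaque replacement) or an A-DDID (stands for a cohort/range), and a
# request is answered with the real value only when the policy authorizes it.
# Policy shape, attribute names, cohort functions and the sample record are assumptions.
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class DDID:
    token: str        # opaque, random: carries no information about the value
    kind: str         # "R" = replacement DDID, "A" = association (cohort) DDID
    issued_at: float  # temporal uniqueness: the token is rotated after the TTL
    cohort: str       # cohort label disclosed with an A-DDID, "" for an R-DDID


@dataclass
class Policy:
    name: str
    # purpose -> attributes that purpose may receive in the clear (claim 1's "authorized")
    clear_attrs: Dict[str, Set[str]]
    # attribute -> generalization function; attributes listed here get A-DDIDs (claims 5-6)
    cohorts: Dict[str, Callable[[object], str]] = field(default_factory=dict)
    ddid_ttl_s: int = 3600


def age_band(value: object) -> str:
    """Cohort function: 37 -> '30-39'."""
    lo = (int(value) // 10) * 10
    return f"{lo}-{lo + 9}"


def zip3(value: object) -> str:
    """Cohort function: '80301' -> '803xx' (quasi-identifier generalized to a range)."""
    return str(value)[:3] + "xx"


class DDIDStore:
    """Controller-side store: real values, current DDIDs and the reverse map."""

    def __init__(self, policy: Policy, clock: Callable[[], float] = time.time):
        self.policy = policy
        self.clock = clock
        self._values: Dict[Tuple[str, str], object] = {}   # (subject, attr) -> real value
        self._ddids: Dict[Tuple[str, str], DDID] = {}      # (subject, attr) -> current DDID
        self._reverse: Dict[str, Tuple[str, str]] = {}     # token -> (subject, attr)

    def ingest(self, subject: str, record: Dict[str, object]) -> None:
        for attr, value in record.items():
            self._values[(subject, attr)] = value
            self._issue(subject, attr)

    def _issue(self, subject: str, attr: str) -> DDID:
        value = self._values[(subject, attr)]
        cohort_fn = self.policy.cohorts.get(attr)
        ddid = DDID(
            token=secrets.token_urlsafe(16),          # random, so rotations are unlinkable
            kind="A" if cohort_fn else "R",
            issued_at=self.clock(),
            cohort=cohort_fn(value) if cohort_fn else "",
        )
        self._ddids[(subject, attr)] = ddid
        self._reverse[ddid.token] = (subject, attr)
        return ddid

    def _current(self, subject: str, attr: str) -> DDID:
        ddid = self._ddids[(subject, attr)]
        if self.clock() - ddid.issued_at >= self.policy.ddid_ttl_s:
            self._reverse.pop(ddid.token, None)       # an expired token no longer resolves
            ddid = self._issue(subject, attr)
        return ddid

    def request(self, subject: str, attr: str, purpose: str) -> Dict[str, object]:
        """The branch in claim 1: clear value if authorized, otherwise the DDID."""
        if attr in self.policy.clear_attrs.get(purpose, set()):
            return {"value": self._values[(subject, attr)]}
        ddid = self._current(subject, attr)
        reply: Dict[str, object] = {"ddid": ddid.token, "kind": ddid.kind}
        if ddid.kind == "A":
            reply["cohort"] = ddid.cohort   # only the cohort is disclosed, never the value
        return reply

    def reidentify(self, token: str) -> Optional[Tuple[str, str]]:
        """Reverse lookup held by the controller; not exposed to data requesters."""
        return self._reverse.get(token)


if __name__ == "__main__":
    policy = Policy(
        name="demo",
        clear_attrs={"billing": {"name", "zip"}, "research": set()},
        cohorts={"age": age_band, "zip": zip3},
        ddid_ttl_s=60,
    )
    store = DDIDStore(policy)
    store.ingest("subject-1", {"name": "Ada Example", "age": 37, "zip": "80301"})  # constructed
    print(store.request("subject-1", "zip", "billing"))    # clear value
    print(store.request("subject-1", "age", "research"))   # A-DDID with cohort '30-39'
    print(store.request("subject-1", "name", "research"))  # R-DDID, nothing else
```

Three points a practitioner would check in any implementation of this pattern: the token is drawn at random rather than derived from the value, because a hash of a low-entropy quasi-identifier (a ZIP code, a birth year) can be brute-forced and a deterministic derivation lets an observer link the identifier across rotations; an A-DDID discloses the cohort, so the cohort functions must produce groups large enough that the cohort itself is not identifying; and the reverse map is the re-identification key, so it stays with the controller behind its own access control and audit logging, never in the response path.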
April 10, 2017
August 7, 2018